Scenario
ABC company is a top-notch car-making manufacturer. Recently they came up with plans to create a car that can think, talk, jump over a truck and many more incredible feats that a normal car cannot do. They were on a blink of success and were ready to launch their super car in June 2004. Unfortunately a rival company, DEF, outsmarted them. They released the same kind of car that ABC had designed in May 2004.
Just imagine the look on the management staff when the car was released. All department heads were taken to task. The CEO shouted“ HOW COULD THIS HAPPEN TO US!!!! OUR DESIGN IS EXCLUSIVE!!!” HOW COULD ANYONE GET HOLD OF OUR BLUEBPRINT!!!”
Even the CIO was puzzled. He was wondering how such an unfortunate event could happen. They had a top-notch internal and external security system and they were right. ABC ranked no 1 in computer security and was the most difficult company to hack. They had a good and sound security policy. The CEO instructed the CIO to solve the problem and if he did not come out with an answer in two weeks, he would be FIRED!!!
Out of desperation he hired a detective to solve the problem. The detective managed to infiltrate the rival’s company ( how? I do not know, it’s their job anyway) and discovered that a former disgruntled employee of ABC had stolen the designs by storing them in five USB 2.0GB thumb drives!!!! Apparently he was the first person to design the blue print but it was given to somebody else to complete the job. He was not given the due recognition for his design.
Some organisations have no policy in place for detecting USB drivers or regulating their use. It is relatively easy for a visiting customer, technician, consultant, disgruntled employee, or anyone clever enough to gain access to a PC. Then they can plug a USB drive into any USB port and download dozens or hundreds of files at one go when nobody is watching. USB drives have surpassed 2GB of storage and are still growing. They are easy to hide as they are tiny. You can put it in your top pocket of your brand new shirt.
Another threat is that files infected with virus can easily be transmitted into networks through USB drives, completely bypassing anti-virus gateways or e-mail servers. Hackers can store a bevy of sophisticated tools on these tiny devices, including port scanners, spyware, password crackers, and keyword loggers.
A hacker can then use social engineering techniques to gain access the company and access a computer that has a USB drive to do all kinds of sinister attacks. Lastly, if any of these devices are lost by staff members, anyone who find it has easy access to all the stored files.
Preventions
1. Educate the staff on the proper and improper use of USB drives.
2.Have a good and sound security policy on the proper and improper use of USB drivers.
3.Permission needs to be asked first before the usage of USB drives
4.Store USB drives in a safe place.
5.Have a sign in and sigh out book for the USB drives.
6. Make sure all files store in the USB drives are encrypted. Therefore when any of the drivers are lost and found by someone else. The files would not be able to be accessed.
7. Make sure the screen-saver password-protect feature are implemented on all PCs. Locking out PCs when not in use after 3 to 5 minutes.
8. Set up anti-virus system to scan all drives and removable media for viruses and other malware. Confirm that the scanning takes place or run a manual scan before transferring files to the desktop.
9. Disable USB ports. You can do so via the system BIOS settings, which can be password protected.
10. A keep text file with the user name and phone number should be kept on the USB drives. This file need not be encrypted. To be access by anyone who has found a USB drive and return it to a appropriate owner. Extra information Third party utilities are available for locking a desktop.
They are :
1 TopLang Software’s Desktop Lock
2. Ixis’s PC Lockup
3. Spytech Software’s SpyLock
4. Tomorroware’s StayOut.
Provide users with secure USB drives. Media JumpDrive Secure is a USB flash drive with built-in password protection. SanDisk offers CruzerLock software with its USB flash drives, letting you password-protect and encrypt individual files. Sony offer products with fingerprint authentication.
SecureWave’S SecureNT lets you control end-user access to any number of I/O devices including USB flash drives, by using an access control list of company-approved devices, deny access to devices not on the list, and monitor the use of all such devices.
No comments:
Post a Comment